The other day in a rush to quickly download and install tortoise svn, I accidentally clicked on a big download button on an ad on their site and installed something that I don't see on my computer.

It's called PDF Creator from wisedownloads.com. I don't see any new programs installed after I installed it. I'm wondering if anybody knows anything about this domain and software? I've googled it, but I can't seem to find anything.

1 Answer
1

PDFCreator, the real one, is a virtual printer which produces PDF files. It provides the "print to PDF" functionality to Windows machines. It is good software -- but what you got under the name "PDF Creator" might or might not be this software. Name uniqueness is not proactively enforced throughout the Web.

Wisedownloads.com is one of these myriads of sites which offer links or mirrored copies of various software packages. The AVG people find it "currently safe" although some users had mixed experiences with regards to stuff downloaded from that site (and other peoples have had mixed experiences with regards to AVG itself, so that information is not necessarily the Word of God). Wisedownloads.com appears to be based in Florida, thus subject to US Law, which could be a good sign.

On Windows, use Program and Features from the control panel to see which software is actually installed. "Honest" software which does not create menu entries or desktop icons will still appear there.

(If you were "in a rush" then possibly you did not install anything, you just downloaded the file, which will then appear in your "Downloads" folder. If you locate the downloaded file, whether you installed it or not, you could hash it with MD5 and search for the hash value on Google. There are sites which aggregate hash values for known bad files, and Google indexes them.)

thanks very much for the response. i definitely installed it while half paying attention. I checked in control panel and i don't see pdf creator. I downloaded it multiple times, and each setup.exe generates a different md5 hash. Not sure what that means.
–
RizFeb 25 '13 at 20:03

1

A fast-morphing setup.exe is not a good sign: it looks like one of the classic evasive maneuvers of malware, trying to avoid the wrath of antivirus. It takes some effort to build a new .exe file for each download, so this will not happen without a reason.
–
Tom LeekFeb 25 '13 at 20:15

Funny enough but ESET's NOD doesn't think it's safe to browse Wisedownloads.com with no explicit reason given, but Google didn't tag it as a threat or that it hosted malware in the last 90 days. @Riz - you could check if it appeared as one of the installed printers in your Control Panel/Printers and Faxes. It's as Tom mentioned a virtual printer driver (if it's a legit download). Or open a print dialog in one of your applications and see if it appears there ;)
–
TildalWaveFeb 25 '13 at 20:15

@Riz - Then I suggest you hit the full system scan with your AV (update its definitions 1st) and hope for the best. Don't reboot! More pesky visitors won't be bothered much by your AV now that they're already in the system and possibly made it cozy enough for themselves though. You could also try with a system restore, if you have that enabled. Again, it might not get rid of your infection, but short of 'nuking it from orbit' your options are rather limited. Read some threads on here about it for more help. ;)
–
TildalWaveFeb 25 '13 at 20:24